The arp anti-attack log-trap-timer command sets the interval for sending ARP alarms.
The undo arp anti-attack log-trap-timer command restores the default setting.
The default interval for sending alarms is 0, indicating that the device does not send ARP alarms.
| Parameter | Description | Value |
|---|---|---|
time |
Specifies the interval for sending ARP alarms. |
The value is an integer that ranges from 0 to 1200, in seconds. |
Usage Scenario
After rate limiting on ARP packets based on source IP addresses is enabled, if the number of ARP packets the device receives per second exceeds the limit, the device discards the excess ARP packets. The device considers the excess ARP packets as potential attacks. The device sends ARP alarms indicating potential attacks to the NMS. To avoid excessive alarms when ARP attacks occur, reduce the alarm quantity by setting a proper interval for sending alarms.
Precautions
In the insecure environment, you are advised to extend the interval for sending ARP alarms. This prevents excessive ARP alarms. In the secure environment, you are advised to shorten the interval for sending ARP alarms. This facilitates fault rectification in real time.
After the interval is set, the device discards alarms generates in this interval; therefore, some faults cannot be rectified in real time.
The command takes effect only on the alarm for ARP rate limit based on source IP addresses (corresponding to arp speed-limit source-ip). The other ARP alarms are generated at a fixed interval of 5 seconds.